Name: Cisco IOS XR
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Implementing IPSec Network Security on Cisco IOS XR Software

Information About an IPSec Network with a Cisco IPSec VPN SPA on Cisco IOS XR Software

SC-101

Cisco IOS XR System Security Configuration Guide

IPSec—SNMP Support

Note This IPSec feature is supported only on the Cisco IPSec VPN SPA.

The IPSec SNMP support feature allows you to specify the desired size of a tunnel history table by using

the Cisco IOS XR CLI. The history table archives attribute and statistic information about the tunnel. A

tunnel history table does not accompany every failure table, because every failure does not correspond

to a tunnel. Thus, supported setup failures are recorded in the failure table, but an associated history table

is not recorded because a tunnel was never set up.

Information About an IPSec Network with a Cisco IPSec VPN

SPA on Cisco IOS XR Software

To implement an IPSec network with a Cisco IPSec VPN SPA, you should understand the following

concepts:

• Cisco IPSec VPN SPA Overview, page SC-101

• Displaying the SPA Hardware Type, page SC-101

• Information About Security for VPNs with IPSec, page SC-102

Cisco IPSec VPN SPA Overview

Cisco IOS XR Software supports security protocols such as Authentication Header (AH), Encapsulating

Security Payload (ESP), and Internet Key Exchange (IKE). The resources consumed by these activities

are significant and make it difficult to achieve line-rate transmission speeds over VPNs. Using the

Cisco IPSec VPN SPA enables you to send all VPN traffic coming from or going to the Internet through

the SPA hardware. The SPA supports all IPSec-related processing. Packets coming from the trusted LAN

are encrypted and sent through the Internet. Packets that are received from the WAN routers pass through

the Cisco IPSec VPN SPA for IPSec processing (for example, decryption and validation of the packet

before the packet is sent onto the trusted LAN).

The following three SIP card types are supported on the Cisco XR 12000 Series Router:

• SIP-401

• SIP-501

• SIP-601

Displaying the SPA Hardware Type

To verify that the SPA hardware type is installed on the Cisco XR 12000 Series Router, use the show

diag command. In addition, you can use the show platform command to verify SPA hardware

information.

Table 5 lists the hardware description that appears in the show diag command output for a

Cisco XR 12000 Series Router IPSec VPN SPA.

Questions and Answers:

Need help?

Do you have a question about the Cisco IOS XR and is the answer not in the manual?

Cisco IOS XR Specifications

General

Operating System	Cisco IOS XR
Architecture	Microkernel
High Availability	Yes
Type	Network operating system
Developed by	Cisco Systems
License	Proprietary
Programming Language	C, C++
Kernel	QNX
Supported Platforms	Cisco ASR9000, NCS series
Security Features	Role-Based Access Control (RBAC), Secure Boot, Encryption
Management Interface	CLI, SNMP, NETCONF, RESTCONF
Release Date	2004
Target Devices	High-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported Hardware	Cisco routers and switches
Networking Protocols	BGP, OSPF, IS-IS, MPLS
Virtualization Support	Virtualization-ready, supports network function virtualization (NFV) and containerization technologies.